Yesterday's iOS 7.0.6 update provided a fix for an SSL connection verification issue, which turned out to be a major security flaw in the operating system. In a support document, Apple noted the patch repaired a specific vulnerability that could allow an attacker with a "privileged network position" to capture or modify data protected by SSL/TLS.
In other words, iOS was vulnerable to a man-in-the-middle attack where an attacker could pose as a trusted website to intercept communications, acquiring sensitive information such as login credentials and passwords, or injecting harmful malware.
According to security firm CrowdStrike, OS X may be vulnerable as well, because it exhibits the same authentication flaw. OS X users are open to an attack on any shared wired or wireless network as SSL/TLS verification routines can be bypassed.
To pull off the attack an adversary has to be able to Man-in-The-Middle (MitM) network connections, which can be done if they are present on the same wired or wireless network as the victim. Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake.
This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system).
The bug, which has been detailed by Google software engineer Adam Langley, may have been introduced in OS X 10.9. According to Hacker News users, it remains unclear whether the issue is fixed with the latest version of the software, OS X 10.9.2, which is currently only available for developers. Users can check whether or not their computers are affected by the vulnerability by visiting gotofail.com in Safari.
It is likely that Apple plans to release a fix for OS X in the near future to repair the vulnerability, but in the meantime, CrowdStrike recommends avoiding untrusted WiFi networks while traveling. The site also recommends an immediate update to iOS 7.0.6 for users who have not yet installed the newest version of the operating system on their iOS devices.
Update: Apple has told Reuters that it is aware of the issue and has a software fix that will be released "very soon."
Friday October 24, 2025 2:30 pm PDT by Juli Clover
In the fourth iOS 26.1 beta, Apple added a "Tinted" option that reduces the translucency of Liquid Glass for those who prefer a more opaque look. I saw some comments wondering whether the setting might preserve battery life, so I thought I'd do some testing.
Test Settings
I did four separate tests using the iPhone 17 Pro Max, and I kept the parameters as similar as possible. Here are the...
Wednesday October 22, 2025 6:15 am PDT by Joe Rossignol
The upcoming iOS 26.1 update includes a handful of new features and changes for iPhones, including a toggle for changing the appearance of the Liquid Glass design, "slide to stop" for alarms in the Clock app, and more.
iOS 26.1 is currently in beta testing. The update will likely be released in the first half of November, and it is compatible with the iPhone 11 series and newer, but some...
Apple Maps could feature integrated ads as soon as next year, Bloomberg's Mark Gurman reports.
In his latest "Power On" newsletter, Gurman said that Apple's plan to bring more ads to iOS is moving "gaining traction," with the Maps app being next in line. The project will apparently give restaurants and other businesses the option to pay to have their details featured more prominently in...
Thursday October 23, 2025 3:55 pm PDT by Juli Clover
Apple is one of several tech companies that will contribute to the construction of U.S. President Donald Trump's 90,000-square-foot ballroom, reports CNN.
Construction began on the ballroom this week, and the White House's east wing was torn down. Trump claims that the ballroom will cost $350 million, and that it will be privately funded through donations. The cost has already increased $150 ...
Apple's upcoming iPhone 18 could feature 50% more memory than its predecessor, according to Korea's The Bell.
With its latest iPhone lineup, the iPhone Air, iPhone 17 Pro, and iPhone 17 Pro Max feature 12GB of memory. This is a significant increase of 4GB more their predecessors, largely driven by the demands of on-device artificial intelligence processing.
The iPhone 17 is the only new...
In July, Apple sued well-known YouTuber Jon Prosser and his acquaintance Michael Ramacciotti over alleged theft of the company's trade secrets, after Prosser leaked some iOS 26 details in videos uploaded to his YouTube channel Front Page Tech. If you are not caught up on the lawsuit, read our initial coverage to learn more.
Earlier this week, Prosser told The Verge he has "been in active...
Apple's new iPhone lineup launched in the fall of 2027 will be called the "iPhone 20" models, rather than the "iPhone 19," according to research firm Omdia.
Speaking at a conference in Seoul (via ETNews), Omdia Chief Researcher Heo Moo-yeol corroborated rumors that Apple plans to move the launch of its standard iPhone to the first half of the year and provided some additional clarity about...
Friday October 24, 2025 7:18 am PDT by Joe Rossignol
At least some new iPhone models launching next year may support full 5G satellite internet, according to a report this week from The Information.
"Apple plans to add support in upcoming iPhones as early as next year for 5G networks that aren't tethered to Earth's surface, which includes satellites," the report said. "That would give the iPhone full internet access over satellite," it added.
...
The Windows 10 end-of-support deadline is driving the largest coordinated PC replacement cycle in years across the industry, and Apple is emerging as one of the main beneficiaries as Mac shipments accelerate.
Counterpoint Research this week reported that nearly 40% of the global installed PC base was still running Windows 10 ahead of the October 2025 cutoff, triggering early fleet renewals...
If this was a vulnerability in Flash, Windows, or Android there would be no end to the bashing that would be going on. Yet since it is Apple, users seem to be more accepting and are defending the company. Interesting indeed.
That's why I use Chrome, which gets security updates after every few weeks. :)
This has nothing to do with a particular browser. It's a flaw in the core OS X system security framework that software use to encrypt https (and other) connections.
The fact that Apple made iOS it's first priority is very revealing, they could have made it their highest priority to fix both iOS & OS X concurrently.
Furthermore, it reveals how sloppy they're getting. It should have been caught before it was shipped. One minute they patronize the masses, boasting how much they care about their customers, then they pull a stunt like this.
Microsoft wouldn't allow this to go ignored as long as Apple has.
$158.8 billion in cash reserves, and they don't hire a single security expert/programmer which at least skims through the core SSL code? :confused: :mad:
I still have ios 6 on my iPad and I don't want to upgrade to ios 7 just because of this security issue! This basically forces every one to upgrade to ios 7. so annoying!!!
"Apple has also released iOS 6.1.6 (build 10b500) for the iPhone 3GS and fourth-generation iPod touch."
Probably if you can upgrade to 7, you get 7.06, even you are still on IOS 6. I guess this is a really good way for Apple to get more people on 7.
How convenient. Apple will force everyone with a device capable of installing iOS7 to install it one way or another.... and then "brag" about the adoption of iOS 7.:rolleyes:
